CVE-2024-54780
Description: Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting arbitrary OpenVPN management commands via the remipp parameter.
CVSS: HIGH (8.8) EPSS Score: 0.33%
May 14th, 2025 (about 1 month ago)
CVE-2025-47445
Description: Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal. This issue affects Eventin: from n/a through 4.0.26.
CVSS: HIGH (7.5) EPSS Score: 0.06%
May 14th, 2025 (about 1 month ago)
CVE-2025-3931
Description: A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages.
This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data.
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 14th, 2025 (about 1 month ago)
CVE-2025-3834
Description: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.
CVSS: HIGH (8.1) EPSS Score: 0.03%
May 14th, 2025 (about 1 month ago)
CVE-2025-4430
Description: Unauthorized access to the "/api/Token/gettoken" endpoint in EZD RP allows file manipulation. This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024).
CVSS: HIGH (8.6) EPSS Score: 0.05%
May 14th, 2025 (about 1 month ago)
CVE-2025-3833
Description: Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.
CVSS: HIGH (8.1) EPSS Score: 0.03%
May 14th, 2025 (about 1 month ago)
CVE-2025-26864
Description: Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.
This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2.
Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 14th, 2025 (about 1 month ago)
CVE-2025-2875
Description: CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates the controller's webserver URL to access resources.
CVSS: HIGH (7.5) EPSS Score: 0.08%
May 14th, 2025 (about 1 month ago)
CVE-2025-26646
Description: External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
CVSS: HIGH (8.0) EPSS Score: 0.03%
May 13th, 2025 (about 1 month ago)
CVE-2025-24308
Description: Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS: HIGH (7.5) EPSS Score: 0.02%
May 13th, 2025 (about 1 month ago)